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REMARKS/ARGUMENTS 

Claims 1, 2, 4-52, 54-94, 96-119 and 121-161 are pending, claims 1, 92, and 117 are 
amended to correct typographical errors. 

The Examiner has not acknowledged receipt of the IDSs that were filed on May 2, 2001, 
and March 4, 2002. Applicants respectfully request acknowledgment of the IDSs by initialing 
and returning the attached copy of the same IDSs. 

Claims 1, 2, 4-51, 54-94, 96-119 and 121-161 are rejected under 35 U.S.C. § 102(e) as 
being anticipated by U.S. Patent No. 6,266,565 [sic] (should be 6,233,565) issued to Lewis 
(hereinafter " Lewis "). 

Applicants respectfully submit that the rejections are improperly expressed and that the 
Examiner is engaging in (improper) piecemeal examination. 

In a first Office action dated 12/16/04, claims 1-161 were rejected under 35 U.S.C. 
§ 102(e) as being anticipated by Whitehouse (U.S. 6,005,945). In a response dated 4/18/05 
applicants amended some relevant claims and distinguished Whitehouse. In a Final Office action 
dated 6/22/05, claims 1-161 were rejected under 35 U.S.C. §103(a) as being obvious over 
Whitehouse in view of Lewis (U.S. 6,233,565). 

Applicants' attorney conducted an interview with the Examiner on July 26, 2005. While 
no formal agreement was reached on claim language, the Examiner and Applicants 1 attorney 
discussed language to clarify the functionality of the cryptographic modules. Specifically, the 
language "each of the plurality of cryptographic modules is programmable to service any of the 
user terminals" was discussed. The Examiner indicated that the use of this language would 
likely distinguish the claims in the set of applications under discussion. 

In a response dated 8/22/05 applicants amended independent claims to include this 
language or similar language in light of the Interview and distinguished Whitehouse and Lewis, 
alone and in combination. In an Advisory Action dated 9/6/05, the Examiner refused to enter the 
amendment because "they raise new issues that would require further consideration and/or 
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search." Subsequently, Applicants filed a Request for Continued Examination (RCE) on 
9/19/05. 

The current Office action dated 10/21/05 is consequently issued rejecting all of the 
pending claims under 35 U.S.C. § 102(e) as being anticipated by Lewis and stating that 
"Applicant's argument with respect to claims 1-161 [sic] have been considered but are moot in 
view of new ground(s) of rejection." This by itself is an improper piecemeal examination 
because Lewis was already considered as a secondary reference in the previous Office action. 
MPEP 707.07(g) stats that "piecemeal examination should be avoided as much as possible. The 
Examiner should reject each claim on all valid grounds available." The Lewis reference was 
already available and was considered on the previous Office action. 

Additionally, the rejections in the current Office action are improperly expressed 
rejections. MPEP 707.07(d) stats that "[a]n omnibus rejection of the claim 'on the references and 
for the reasons of record' is stereotyped and usually not informative and should therefore be 
avoided." Regardless of Applicants references to specific claim limitations and distinguishing 
those limitations over specific text of Lewis in their response of 8/22/05, the current Office 
action rejects the claims over Lewis reference in an omnibus and general manner and without 
mentioning any specific text, other than a large and broad portion of Lewis ("figs 1-3 and their 
accompany text"). See, Office action, page 3, first paragraph. 

Furthermore, the current Office action rejects claims 2, 4-52, 54-94, 96-119 and 121-161 
"since their disclosures are similar in nature and do not further limit the claims." (Office action, 
page 3, first sentence of the second paragraph.) Applicants respectfully disagree. Most of the 
above-mentioned claims indeed further limit claim 1 and other respective independent base 
claims. The current Office action also mentions that "the claimed limitation in claims 2, 4-52, 
54-94, 96-119 and 121-161 are clear taught and anticipated by Lewis' disclosure," without any 
specific references to how and where in Lewis each of those limitations are taught. Again, this 
rejection is improper under MPEP 707.07(d), which stats that "[a] plurality of claims should 
never be grouped together in a common rejection, unless that rejection is equally applicable to all 
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claims in the group." The current Office action fails to show how the Lewis reference is equally 
applicable to claims 2, 4-52, 54-94, 96-119 and 121-161. 

Nevertheless and again, Applicants respectfully submit that Lewis does not teach the 
limitations of any of the pending claims. 

For example, independent claim 1 includes, among other limitations "a plurality of 
cryptographic devices remote from the plurality of user terminals," "wherein each of the plurality 
of cryptographic devices is programmable to service any of the plurality of user terminals," and 
"wherein any respective cryptographic device authenticates the identity of each user and 
authenticates the user for a role." 

In regard to the element of "a plurality of cryptographic devices remote from the plurality 
of user terminal," the system of Lewis dose not have a plurality of cryptographic devices remote 
from the plurality of users. Rather, Lewis describes a single cryptographic module (14) that is 
remote from the users. As illustrated in FIG. 1, Lewis discloses a remote service provider (RSP) 
4, and a third party seller of goods and/or services (TPS) 6... . The client 2n has a Host system 
lOn and a PSD 20n which is resident on a f singlel server of RSP 4. The Host lOn accesses the 
remote PSD 20n via the Internet 30." (Col. 6. lines 39-59, emphasis added). The single server 4 
comprises of its own single cryptographic module 14. (Col. 21, lines 64-65, emphasis added). 
Lewis further describes that each client 2n has its own cryptographic module 12. However, these 
client cryptographic modules 12 are not each "remote from the plurality of users." That is, at 
least one of the client cryptographic modules 12 is local to at least one user. 

Regarding the claimed elements "wherein each of the plurality of cryptographic devices 
is programmable to service any of the plurality of user terminals," and "wherein any respective 
cryptographic device authenticates the identity of each user and authenticates the user for a role." 
Lewis fails to teach this element. First, as mentioned above, the system of Lewis dose not have a 
plurality of cryptographic devices remote from the plurality of users. Second, even if arguendo, 
Lewis described a plurality of server cryptographic devices remote from the plurality of users, 
there is no description in Lewis that each of these imaginary server cryptographic devices is 
capable of authenticating any of the plurality of remote users. In fact, Lewis specifically 
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describes that the cryptographic module 14 stores the Client Public Authentication Keys, which 
are used to prove the client's identity (that is, to authenticate the client), when a client attempts to 
establish a connection with the server 4. (Col 25, line 63-67. Also, see, Table III at the end of 
Col. 27, and col. 27, lines 58-59.). 

Therefore, even if Lewis had a plurality of server cryptographic devices remote from the 
users, each of those devices would not have been able to service or authenticate any of the 
plurality of users, because each cryptographic device would have had to maintain and update the 
Public Authentication Keys for all of the clients. There is no teaching in Lewis about this. 
Furthermore, each of the imaginary server cryptographic devices of Lewis would have had to be 
"stateless device, meaning that a PSD package can be passed to any device because the 
application does not rely upon any information about what occurred with the previous PSD 
package." (Specification, page 8, lines 13-16). Moreover, a PSD package for each of the 
imaginary server cryptographic devices would have had to include "all data needed to restore the 
PSD to its last known state when it is next loaded into a [different] cryptographic module." (Id., 
lines 22-24). There is no teaching in Lewis about this either. 

Accordingly, claim 1 is not anticipated by Lewis. Independent claims 92 and 117 include 
similar limitations and thus are not anticipated by Lewis either. 

Independent claim 50 includes, among other limitations "securing the information about 
the users in the database by one or more of cryptographic devices remote from the plurality of 
user terminals, wherein each of the cryptographic devices accesses data elements for any of the 
user terminals," storing a plurality of security device transaction data in the database, wherein 
each transaction data is related to one of the plurality of users," and "verifying that the requesting 
user is authorized to assume a role and to perform a corresponding operation, the role limiting 
the user to a subset of commands provided." As discussed above, Lewis does not teach the 
above limitations. Therefore, claim 50 is not anticipated by Lewis either. 

Independent claim 131 recites "A method for secure processing of a value bearing item 
on a computer network having a plurality of users using a plurality of computer terminals for 
connecting to the network and a plurality of cryptographic devices remote from the users and 



-25- 



Appln No. 09/690,066 

Amdtdate March 3, 2006 

Reply to Office action of October 21, 2005 

coupled to the network, each cryptographic device executing a plurality of security device 
transactions, the method comprising: requesting by a user authorization for a role, the role 
restricting the user to less than a full set of commands; assigning a security device transaction 
data to the requesting user, wherein the security device transaction data may be executed on any 
of the plurality of cryptographic devices; authenticating the identity of the user; granting the 
requested role; issuing a command that is available for the requested role; and executing the 
issued command, wherein each of the plurality of cryptographic devices processes data for any 
user."' 

As explained above, Lewis does not teach one or more of the above limitations. 
Therefore, claim 131 is not anticipated by Lewis either. 

In short, independent claims 1, 50, 92, 117 and 131 recite a patentable subject matter over 
cited references. Dependent claims 2,4-49, 51-52, 54-91, 93-116, 118-119, 121-130, and 132- 
161 depend from claims 1, 50, 92, 117 and 131, respectively and include all the limitations of 
their base claims and additional limitations therein. Accordingly, these claims are also 
allowable, as being dependent from an allowable independent claim and for the additional 
limitations they include therein and their allowance is requested. 

In view of the foregoing amendments and remarks, it is respectfully submitted that this 
application is now in condition for allowance, and accordingly, reconsideration and allowance of 
this application are respectfully requested. If the Examiner believes that a telephone conference 
would be useful in moving this application forward to allowance, the Examiner is encouraged to 
contact the undersigned at (626) 795-9900. 



Respectfully submitted, 

CHRISTIE, PARKER & HALE, LLP 



By 




Raymond R. Tabandeh 
Reg. No. 43,945 
626/795-9900 
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